IBM Support

IT24279: SECURITY VULNERABILITY: THE JSESSIONID IS DISPLAYED IN THE URL IN IBM STERLING FILE GATEWAY VIEW

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Security vulnerability: The JSESSIONID is displayed in the URL
    in IBM Sterling File Gateway view community functionality.
    

Local fix

  • RTC:  561216
    

Problem summary

  • Users Affected:
    All
    
    Problem Description:
    JSessionID is displayed in the URL in IBM Sterling File Gateway
    view.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    
    A code fix is provided.
    
    Delivered In:
    5020603_6
    6000006
    6000304
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT24279

  • Reported component name

    STR FILE GATEWA

  • Reported component ID

    5725D0700

  • Reported release

    226

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-05

  • Closed date

    2018-07-10

  • Last modified date

    2021-02-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR FILE GATEWA

  • Fixed component ID

    5725D0700

Applicable component levels

[{"Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4TGX","label":"IBM Sterling File Gateway"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.2"}]

Document Information

Modified date:
03 March 2021